CN103763310A - Firewall service system and method based on virtual network - Google Patents
Firewall service system and method based on virtual network Download PDFInfo
- Publication number
- CN103763310A CN103763310A CN201310751713.7A CN201310751713A CN103763310A CN 103763310 A CN103763310 A CN 103763310A CN 201310751713 A CN201310751713 A CN 201310751713A CN 103763310 A CN103763310 A CN 103763310A
- Authority
- CN
- China
- Prior art keywords
- firewall
- user
- network
- security policy
- configuration information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 23
- 238000011217 control strategy Methods 0.000 claims description 10
- 238000012544 monitoring process Methods 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 4
- 238000012546 transfer Methods 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000001568 sexual effect Effects 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention provides a firewall service system based on a virtual network. The firewall service system based on the virtual network comprises a distributed type firewall manager and firewall service nodes, wherein the distributed type firewall manager is used for obtaining information of all virtual machine network interfaces in a user network according to the network identity of a user, determining the corresponding firewall service nodes according to the information of the virtual machine network interfaces, and distributing firewall configuration information and/or firewall security strategies of the user to the corresponding firework service nodes; the firewall service nodes are configured on an OVS switch based on OVS and are used for managing data flow passing through the OVS switch according to the received firewall configuration information and/or the received firewall security strategies of the user. The invention further provides a method for obtaining a virtual network firewall. By the adoption of the firewall service system based on the virtual network and the method for obtaining the virtual network firewall, through the deployment and the distributed management of the firewall service nodes, establishment of the distributed virtual network firewall is achieved.
Description
Technical field
The present invention relates to field of computer technology, more specifically, relate to a kind of a kind of firewall services system and method that realizes virtual network fire compartment wall based on virtual network.
Background technology
The fire compartment wall of legacy network is all generally the border that is deployed in network, on the link that in network, all flows can monitor.To mailing to the packet of internal network, filter, and with reference to the firewall security policy of setting, to package forward or abandon.
In virtual network, in environment, physical network resource is that all virtual network user are shared, but for user, network is to monopolize, and isolates with other users' network.Each user or Business Stream network can have different network security demands according to the service feature of network of oneself, and fire compartment wall is disposed and security strategy has different requirements.Due to the retractility expanded of virtual network, from the angle user's of physical network network boundary, be uncertain, so just cannot dispose in the conventional mode fire compartment wall and provide firewall services for each user.Therefore traditional firewall technology is just difficult to meet the demand for security of virtual network user.
For the problem in correlation technique, effective solution is not yet proposed at present.
Summary of the invention
For the problem in correlation technique, the present invention proposes a kind of a kind of firewall services system and method that realizes virtual network fire compartment wall based on virtual network, utilization is to the deployment of firewall services node and distributed management, thereby realizes the structure of distributed virtual fire compartment wall.
For achieving the above object, on the one hand, the invention provides a kind of firewall services system based on virtual network, comprising: distributed fire wall manager, for obtain all virtual machine network interface messages of user network according to user's network identity; According to virtual machine network interface message, determine corresponding firewall services node; And, user's firewall configuration information and/or firewall security policy are distributed to corresponding firewall services node; Firewall services node, is configured on the OVS switch based on open virtual switch standard OVS, for the data flow by OVS switch being managed according to the user's who receives firewall configuration information and/or firewall security policy.
According to the present invention, firewall services system also comprises virtual firewall module, for user's network identity and corresponding firewall configuration information and/or firewall security policy are set by fire compartment wall operation-interface; And user's network identity and corresponding firewall configuration information and/or firewall security policy are sent to distributed fire wall manager.
According to the present invention, when virtual firewall module also changes for the firewall configuration information as user and/or firewall security policy, the firewall configuration information after changing and/or firewall security policy and user's network identity are sent to distributed fire wall manager.
According to the present invention, virtual machine network interface message comprises that position in managerial grid of OVS switch that virtual machine network interface connects and virtual machine network interface are at the port numbering of OVS switch.
According to the present invention, firewall services node comprises policy module, and it converts data flow con-trol strategy to for the firewall security policy that distributed fire wall manager is issued.
According to the present invention, firewall services node also comprises control module, and the control information that it is sent for monitoring distributed fire wall manager, to carry out control operation or policy module is configured to operation to service node.
On the other hand, the present invention also provides a kind of method that realizes virtual network fire compartment wall, comprising: distributed fire wall manager obtains all virtual machine network interface messages in user network according to user's network identity; Distributed fire wall manager is determined corresponding firewall services node according to virtual machine network interface message; Distributed fire wall manager is distributed to corresponding firewall services node by user's firewall configuration information and/or firewall security policy, and wherein, firewall services node is configured on the OVS switch based on open virtual switch standard OVS; Firewall services node manages the data flow by OVS switch according to the user's who receives firewall configuration information and/or firewall security policy.
According to the present invention, the method also comprises: virtual firewall module, for user's network identity and corresponding firewall configuration information and/or firewall security policy are set by fire compartment wall operation-interface; And user's network identity and corresponding firewall configuration information and/or firewall security policy are sent to distributed fire wall manager.
According to the present invention, according to the user's who receives firewall configuration information and/or firewall security policy, the data flow by OVS switch is managed, comprising: convert user's firewall security policy to data flow con-trol strategy; And according to data flow con-trol strategy, the data flow by OVS switch is managed.
Compared with prior art, beneficial effect of the present invention is:
The present invention passes through at physical machine deploy firewall services node, and service node is carried out to distributed management, realizes distributed virtual fire compartment wall, for each user provides independently virtual firewall equipment of logic thereby build.
In addition, the present invention also can realize the independence of security strategy and user profile, and user's security strategy can not cause interference to others' network.Therefore, the invention solves in virtual network and cannot meet with traditional firewall box the problem of different user demand for security.
Accompanying drawing explanation
Fig. 1 is the structural representation block diagram of the firewall services system based on virtual network according to an embodiment of the invention;
Fig. 2 is the schematic diagram of realizing according to an embodiment of the invention the method for virtual network fire compartment wall;
Fig. 3 is according to the schematic diagram of the method that realizes virtual network fire compartment wall of further embodiment of this invention;
Fig. 4 is the schematic diagram of realizing according to another embodiment of the present invention the method for virtual network fire compartment wall.Embodiment
Below in conjunction with accompanying drawing, the present invention is further illustrated.
As shown in Figure 1, what illustrate is the firewall services system that the present invention is based on virtual network, and this system comprises distributed fire wall manager 10 and firewall services node 20.
Specifically, distributed fire wall manager 10 is for obtaining all virtual machine network interface messages of user network according to user's network identity; It also can determine corresponding firewall services node 20 according to virtual machine network interface message; And user's firewall configuration information and/or firewall security policy are distributed to corresponding firewall services node 20.
Further, firewall services node 20 is configurable on the OVS switch based on open virtual switch standard OVS, for the data flow by OVS switch being managed according to the above-mentioned user's who receives firewall configuration information and/or firewall security policy.
In an optional embodiment of the present invention, firewall services system can also comprise virtual firewall module.This virtual firewall module can be used for arranging by fire compartment wall operation-interface user's network identity and corresponding firewall configuration information and/or firewall security policy; It can also send to distributed fire wall manager 10 by above-mentioned user's network identity and corresponding firewall configuration information and/or firewall security policy.
Further, in a preferred embodiment of the invention, when virtual firewall module can also change for the firewall configuration information as user and/or firewall security policy, the firewall configuration information after changing and/or firewall security policy and user's network identity are sent to distributed fire wall manager 10.
In another preferred embodiment of the present invention, virtual machine network interface message can comprise that position in managerial grid of OVS switch that virtual machine network interface connects and virtual machine network interface are at the port numbering of OVS switch.
Further, in an optional embodiment of the present invention, firewall services node 20 can comprise: policy module and control module.
Particularly, the firewall security policy that this policy module can be used for that distributed fire wall manager 10 is issued converts data flow con-trol strategy to; And aerial module can be used for monitoring the control information that distributed fire wall manager 10 is sent, service node is carried out to control operation or policy module is configured to operation.
On the other hand, as shown in Figure 2, the present invention also provides a kind of method that realizes virtual network fire compartment wall, and the method comprises:
S101, distributed fire wall manager 10 obtains all virtual machine network interface messages in user network according to user's network identity;
S102, distributed fire wall manager 10 is determined corresponding firewall services node 20 according to virtual machine network interface message;
S103, distributed fire wall manager 10 is distributed to corresponding firewall services node 20 by user's firewall configuration information and/or firewall security policy, wherein, firewall services node 20 is configured on the OVS switch based on open virtual switch standard OVS;
S104, firewall services node 20 manages the data flow by OVS switch according to the user's who receives firewall configuration information and/or firewall security policy.
Preferably, as shown in Figure 3, in the present invention, realize in the embodiment of method of virtual network fire compartment wall, the method also can comprise:
S201, virtual firewall module, for arranging user's network identity and corresponding firewall configuration information and/or firewall security policy by fire compartment wall operation-interface; And
S202, sends to distributed fire wall manager 10 by user's network identity and corresponding firewall configuration information and/or firewall security policy.
In addition, as shown in Figure 4, in the another preferred embodiment of method of the present invention, the step data flow by OVS switch being managed according to the user's who receives firewall configuration information and/or firewall security policy can comprise:
S301, converts user's firewall security policy to data flow con-trol strategy; And
S302, manages the data flow by OVS switch according to data flow con-trol strategy.
Specifically, in the present invention, the service node of fire compartment wall is the service module being based upon on OVS basis.First on host, use OVS to substitute original Linux Bridge module, and use OVS to provide the network insertion of two layers for the virtual machine moving on host.OVS carries out forwarding at a high speed to mailing to the packet of virtual machine, forwarding according to being exactly that stream is shown.Wherein, so-called stream table is exactly Openflow switch for a kind of height abstract that forwards rule, and stream table has comprised territory, packet header, counter and action.The content description in territory, packet header for the matching strategy of packet, its content comprises port, source MAC, destination-mac address, source IP address, target ip address, IP agreement, TCP/UDP source port, the TCP/UDP destination interface that packet flows into.
Particularly, stream table information can be set according to demand freely, take that this can provide as switch the forwarding strategy of packet.Firewall services node 20 modules mainly contain two parts and form: the firstth, and policy module, in policy module, preserved the firewall security policy issuing from distributed manager, security strategy is converted to the data flow con-trol strategy of OVS, and strategy is kept in the stream table of OVS; Another one is partly node control module, in node control module, moved a web services, use REST (Representational State Transfer, the transfer of statement sexual state) standard has been issued the control interface to service node, monitor the order that distributed manager is sent, service node is carried out to the configuration operation of control operation and firewall policy.
For fire compartment wall distributed manager, this module be each virtual network abstract logic firewall services independently.When user is configured the firewall services of oneself, configuration information and user's network identity together can be sent to distribution management device.Distribution management device can be according to user's network identity, from network management, obtain virtual machine network interface messages all in user network, the position of the OVS switch connecting comprising virtual machine network interface in supervising the network and interface are at the port numbering of OVS switch.Then distribution management device by the configuration information of user's fire compartment wall according to being distributed to corresponding firewall services node 20, by corresponding firewall services node 20, process firewall policies.
In sum, the present invention passes through at physical machine deploy firewall services node 20, and service node is carried out to distributed management, realizes distributed virtual fire compartment wall, for each user provides independently virtual firewall equipment of logic thereby build.
In addition, the present invention also can realize the independence of security strategy and user profile, and user's security strategy can not cause interference to others' network.Therefore, the invention solves in virtual network and cannot meet with traditional firewall box the problem of different user demand for security.
The foregoing is only preferred embodiment of the present invention, in order to limit the present invention, within the spirit and principles in the present invention not all, any modification of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (9)
1. the firewall services system based on virtual network, comprising:
Distributed fire wall manager, for obtaining all virtual machine network interface messages of user network according to user's network identity; According to described virtual machine network interface message, determine corresponding firewall services node; And, described user's firewall configuration information and/or firewall security policy are distributed to corresponding firewall services node;
Firewall services node, is configured on the OVS switch based on open virtual switch standard OVS, for the data flow by OVS switch being managed according to the described user's who receives firewall configuration information and/or firewall security policy.
2. firewall services system according to claim 1, it is characterized in that, described firewall services system also comprises virtual firewall module, for user's network identity and corresponding firewall configuration information and/or firewall security policy are set by fire compartment wall operation-interface; And,
Described user's network identity and corresponding firewall configuration information and/or firewall security policy are sent to described distributed fire wall manager.
3. firewall services system according to claim 2, it is characterized in that, described virtual firewall module, while also changing for the firewall configuration information as described user and/or firewall security policy, the firewall configuration information after changing and/or firewall security policy and user's network identity are sent to distributed fire wall manager.
4. firewall services system according to claim 1, it is characterized in that, described virtual machine network interface message comprises that position in managerial grid of OVS switch that virtual machine network interface connects and virtual machine network interface are at the port numbering of described OVS switch.
5. firewall services system according to claim 1, is characterized in that, described firewall services node comprises: policy module, converts data flow con-trol strategy to for the firewall security policy that distributed fire wall manager is issued.
6. firewall services system according to claim 5, it is characterized in that, described firewall services node also comprises: control module, the control information of sending for monitoring distributed fire wall manager, to carry out control operation or described policy module is configured to operation to service node.
7. a method that realizes virtual network fire compartment wall, comprising:
Distributed fire wall manager obtains all virtual machine network interface messages in user network according to user's network identity;
Distributed fire wall manager is determined corresponding firewall services node according to described virtual machine network interface message;
Distributed fire wall manager is distributed to corresponding firewall services node by described user's firewall configuration information and/or firewall security policy, and wherein, described firewall services node is configured on the OVS switch based on open virtual switch standard OVS;
Firewall services node manages the data flow by OVS switch according to the described user's who receives firewall configuration information and/or firewall security policy.
8. method according to claim 7, is characterized in that, described method also comprises:
Virtual firewall module, for arranging user's network identity and corresponding firewall configuration information and/or firewall security policy by fire compartment wall operation-interface; And,
Described user's network identity and corresponding firewall configuration information and/or firewall security policy are sent to described distributed fire wall manager.
9. method according to claim 7, is characterized in that, according to the described user's who receives firewall configuration information and/or firewall security policy, the data flow by OVS switch is managed, and comprising:
Convert described user's firewall security policy to data flow con-trol strategy; And
According to described data flow con-trol strategy, the data flow by OVS switch is managed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310751713.7A CN103763310B (en) | 2013-12-31 | 2013-12-31 | Firewall service system and method based on virtual network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310751713.7A CN103763310B (en) | 2013-12-31 | 2013-12-31 | Firewall service system and method based on virtual network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103763310A true CN103763310A (en) | 2014-04-30 |
| CN103763310B CN103763310B (en) | 2017-04-12 |
Family
ID=50530470
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310751713.7A Active CN103763310B (en) | 2013-12-31 | 2013-12-31 | Firewall service system and method based on virtual network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103763310B (en) |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104869016A (en) * | 2015-04-28 | 2015-08-26 | 杭州华三通信技术有限公司 | Method and equipment for transmitting data message |
| CN104954186A (en) * | 2015-06-19 | 2015-09-30 | 云南电网有限责任公司信息中心 | Application-oriented SDN (software defined network) strategy control method |
| CN104994094A (en) * | 2015-07-01 | 2015-10-21 | 北京奇虎科技有限公司 | Virtualization platform safety protection method, device and system based on virtual switch |
| CN105100026A (en) * | 2014-05-22 | 2015-11-25 | 杭州华三通信技术有限公司 | Safe message forwarding method and safe message forwarding device |
| CN105141571A (en) * | 2014-06-09 | 2015-12-09 | 中兴通讯股份有限公司 | Distributed virtual firewall device and method |
| CN105530259A (en) * | 2015-12-22 | 2016-04-27 | 华为技术有限公司 | Message filtering method and equipment |
| CN106027569A (en) * | 2016-07-19 | 2016-10-12 | 浪潮电子信息产业股份有限公司 | Firewall management methods, master node, slave node, and cluster |
| CN107920022A (en) * | 2017-12-26 | 2018-04-17 | 北京天融信网络安全技术有限公司 | A kind of secure virtual machine communication system and secure virtual machine communication means |
| CN108108210A (en) * | 2018-01-11 | 2018-06-01 | 上海有云信息技术有限公司 | Management method, device, server and the storage medium of safety product |
| CN110971584A (en) * | 2018-09-28 | 2020-04-07 | 丛林网络公司 | Intent-based policies generated for virtual networks |
| CN111614605A (en) * | 2019-02-26 | 2020-09-01 | 瞻博网络公司 | Automatic configuration of boundary firewall based on security group information of SDN virtual firewall |
| CN111711536A (en) * | 2020-06-05 | 2020-09-25 | 北京计算机技术及应用研究所 | Method for constructing firewall test environment under cloud architecture |
| CN112491789A (en) * | 2020-10-20 | 2021-03-12 | 苏州浪潮智能科技有限公司 | OpenStack framework-based virtual firewall construction method and storage medium |
| CN112511495A (en) * | 2020-11-05 | 2021-03-16 | 方一信息科技(上海)有限公司 | Distributed firewall-oriented network system and interface card data flow acceleration processing method |
| CN113381994A (en) * | 2015-04-07 | 2021-09-10 | 安博科技有限公司 | Multi-boundary firewall at cloud |
| CN113765912A (en) * | 2021-09-02 | 2021-12-07 | 迈迪信息技术有限公司 | Distributed firewall device and detection method thereof |
| US11870642B2 (en) | 2021-10-04 | 2024-01-09 | Juniper Networks, Inc. | Network policy generation for continuous deployment |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101212453A (en) * | 2006-12-29 | 2008-07-02 | 凹凸科技(中国)有限公司 | Network access control method and firewall device |
| CN101409714A (en) * | 2008-11-18 | 2009-04-15 | 华南理工大学 | Firewall system based on virtual machine |
| CN101958903B (en) * | 2010-10-09 | 2013-01-02 | 南京博同科技有限公司 | Method for realizing high-performance firewall based on SOC and parallel virtual firewall |
-
2013
- 2013-12-31 CN CN201310751713.7A patent/CN103763310B/en active Active
Cited By (29)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105100026B (en) * | 2014-05-22 | 2018-07-20 | 新华三技术有限公司 | A kind of safe retransmission method of message and device |
| CN105100026A (en) * | 2014-05-22 | 2015-11-25 | 杭州华三通信技术有限公司 | Safe message forwarding method and safe message forwarding device |
| CN105141571A (en) * | 2014-06-09 | 2015-12-09 | 中兴通讯股份有限公司 | Distributed virtual firewall device and method |
| WO2015188579A1 (en) * | 2014-06-09 | 2015-12-17 | 中兴通讯股份有限公司 | Distributed virtual firewall apparatus and method, and firewall controller |
| CN113381994A (en) * | 2015-04-07 | 2021-09-10 | 安博科技有限公司 | Multi-boundary firewall at cloud |
| CN113381994B (en) * | 2015-04-07 | 2023-05-02 | 安博科技有限公司 | Multi-boundary firewall in cloud |
| CN104869016B (en) * | 2015-04-28 | 2018-12-25 | 新华三技术有限公司 | A kind of transmission method and equipment of data message |
| CN104869016A (en) * | 2015-04-28 | 2015-08-26 | 杭州华三通信技术有限公司 | Method and equipment for transmitting data message |
| CN104954186B (en) * | 2015-06-19 | 2018-01-30 | 云南电网有限责任公司信息中心 | A kind of application oriented SDN policy control method |
| CN104954186A (en) * | 2015-06-19 | 2015-09-30 | 云南电网有限责任公司信息中心 | Application-oriented SDN (software defined network) strategy control method |
| CN104994094A (en) * | 2015-07-01 | 2015-10-21 | 北京奇虎科技有限公司 | Virtualization platform safety protection method, device and system based on virtual switch |
| CN105530259A (en) * | 2015-12-22 | 2016-04-27 | 华为技术有限公司 | Message filtering method and equipment |
| CN105530259B (en) * | 2015-12-22 | 2019-01-18 | 华为技术有限公司 | Message filtering method and equipment |
| CN106027569A (en) * | 2016-07-19 | 2016-10-12 | 浪潮电子信息产业股份有限公司 | Firewall management methods, master node, slave node, and cluster |
| CN107920022A (en) * | 2017-12-26 | 2018-04-17 | 北京天融信网络安全技术有限公司 | A kind of secure virtual machine communication system and secure virtual machine communication means |
| CN107920022B (en) * | 2017-12-26 | 2021-08-24 | 北京天融信网络安全技术有限公司 | Virtual machine safety communication system and virtual machine safety communication method |
| CN108108210A (en) * | 2018-01-11 | 2018-06-01 | 上海有云信息技术有限公司 | Management method, device, server and the storage medium of safety product |
| CN110971584A (en) * | 2018-09-28 | 2020-04-07 | 丛林网络公司 | Intent-based policies generated for virtual networks |
| CN110971584B (en) * | 2018-09-28 | 2022-05-24 | 瞻博网络公司 | Intent-based policies generated for virtual networks |
| US11700237B2 (en) | 2018-09-28 | 2023-07-11 | Juniper Networks, Inc. | Intent-based policy generation for virtual networks |
| CN111614605B (en) * | 2019-02-26 | 2022-08-05 | 瞻博网络公司 | Method for configuring firewall, security management system and computer readable medium |
| CN111614605A (en) * | 2019-02-26 | 2020-09-01 | 瞻博网络公司 | Automatic configuration of boundary firewall based on security group information of SDN virtual firewall |
| CN111711536A (en) * | 2020-06-05 | 2020-09-25 | 北京计算机技术及应用研究所 | Method for constructing firewall test environment under cloud architecture |
| CN112491789A (en) * | 2020-10-20 | 2021-03-12 | 苏州浪潮智能科技有限公司 | OpenStack framework-based virtual firewall construction method and storage medium |
| WO2022083207A1 (en) * | 2020-10-20 | 2022-04-28 | 苏州浪潮智能科技有限公司 | Virtual firewall construction method based on openstack framework |
| CN112491789B (en) * | 2020-10-20 | 2022-12-27 | 苏州浪潮智能科技有限公司 | OpenStack framework-based virtual firewall construction method and storage medium |
| CN112511495A (en) * | 2020-11-05 | 2021-03-16 | 方一信息科技(上海)有限公司 | Distributed firewall-oriented network system and interface card data flow acceleration processing method |
| CN113765912A (en) * | 2021-09-02 | 2021-12-07 | 迈迪信息技术有限公司 | Distributed firewall device and detection method thereof |
| US11870642B2 (en) | 2021-10-04 | 2024-01-09 | Juniper Networks, Inc. | Network policy generation for continuous deployment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103763310B (en) | 2017-04-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103763310A (en) | Firewall service system and method based on virtual network | |
| CN106953788B (en) | virtual network controller and control method | |
| CN103997414B (en) | Generate method and the network control unit of configuration information | |
| US9917729B2 (en) | Methods, systems, and computer readable media for multi-layer orchestration in software defined networks (SDNs) | |
| US9401928B2 (en) | Data stream security processing method and apparatus | |
| CN103825954A (en) | OpenFlow control method and corresponding insert, platform and network thereof | |
| CN104253770A (en) | Method and equipment for realizing distributed virtual switch system | |
| CN105634956B (en) | A kind of message forwarding method, device and system | |
| CN105337819B (en) | Data processing method of broadband access gateway, broadband access gateway and network system | |
| US9900238B2 (en) | Overlay network-based original packet flow mapping apparatus and method therefor | |
| CN104780088A (en) | Service message transmission method and equipment | |
| CN104301129A (en) | Dynamic host configuration method and system in software defined network | |
| JP2019500822A (en) | Virtual machine packet control | |
| CN104283756A (en) | Method and device for realizing distributed type multi-tenant virtual network | |
| CN104869058A (en) | Method and device for transmitting data message | |
| EP3069471B1 (en) | Optimized multicast routing in a clos-like network | |
| CN105553849A (en) | Conventional IP network and SPTN network intercommunication method and system | |
| CN106301921B (en) | Elephant flow transmission dispatching method and system based on tunnel | |
| CN104468775A (en) | Distributed router obtaining method suitable for cloud computing | |
| CN107181691B (en) | Method, equipment and system for realizing message routing in network | |
| CN104468633B (en) | A kind of SDN south orientations TSM Security Agent product | |
| CN104901825B (en) | A kind of method and apparatus for realizing zero configuration starting | |
| CN104813644A (en) | Identifying nated devices for device-specific traffic flow steering | |
| CN108270690A (en) | The method and apparatus for controlling message flow | |
| CN106656905A (en) | Firewall cluster realization method and apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100193 Beijing, Haidian District, northeast Wang West Road, building 8, building 36, floor 5 Patentee after: Shuguang Cloud Computing Group Co.,Ltd. Address before: 100193 Beijing, Haidian District, northeast Wang West Road, building 8, building 36, floor 5 Patentee before: DAWNING CLOUD COMPUTING TECHNOLOGY Co.,Ltd. |
|
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 100193 5 floor, 36 building, No. 8 Northeast Road, Haidian District, Beijing. Patentee after: Shuguang Cloud Computing Group Co.,Ltd. Country or region after: China Address before: 100193 5 floor, 36 building, No. 8 Northeast Road, Haidian District, Beijing. Patentee before: Shuguang Cloud Computing Group Co.,Ltd. Country or region before: China |